> You are assuming a lot about who your oAuth provider is
> Sure many places only implement
This doesn't change my concern, but yes, it deepens it. Sure, I known there can be an arbitrary authority, but does it matter when 90% don't allow another authority? I can't think of more than once I have seen another authority listen.
